[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: new logstash issue

Moritz Muehlenhoff jmm at debian.org
Sat Mar 31 20:39:11 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d680181 by Moritz Muehlenhoff at 2018-03-31T22:35:27+02:00
new logstash issue

- - - - -
19fcf524 by Moritz Muehlenhoff at 2018-03-31T22:38:52+02:00
new imagemagick issue
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -61,9 +61,11 @@ CVE-2018-9137
 CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
 	NOT-FOR-US: Jungo
 CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...)
-	TODO: check
+	- imagemagick <unfixed> (unimportant)
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f7196b0b7539b113f2580b6a77aa496813d8899
+	NOTE: webp support not enabled, see #806425
 CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
 	TODO: check
 CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
@@ -13965,7 +13967,7 @@ CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack sec
 CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting ...)
 	- kibana <itp> (bug #700337)
 CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before ...)
-	TODO: check
+	- logstash <itp> (bug #664841)
 CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the ...)
 	- linux 4.11.6-1
 	[stretch] - linux 4.9.47-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bbdb925e2ca9d81aa80cb0cf744d22b6453a0242...19fcf524572347bbed5e253bdbb37fd08a0ed6c9

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bbdb925e2ca9d81aa80cb0cf744d22b6453a0242...19fcf524572347bbed5e253bdbb37fd08a0ed6c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180331/3f7a7436/attachment-0001.html>

More information about the Secure-testing-commits mailing list